Erik Johnston

3 exploits Active since Apr 2021
CVE-2021-29432 MEDIUM WRITEUP
Matrix Sydent < 2.3.0 - Improper Input Validation
Sydent is a reference Matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.
CVSS 5.3
CVE-2024-31208 MEDIUM WRITEUP
Matrix Synapse < 1.105.1 - Resource Allocation Without Limits
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API.
CVSS 6.5
CVE-2025-30355 HIGH WRITEUP
Synapse <1.127.1 - DoS
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse versions up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.
CVSS 7.1